Audit risk is the risk of expressing an inappropriate audit opinion on financial statements that are materially misstated.
The objective of the audit is to reduce this audit risk to an acceptably low level.
Audit risk has two key elements, as illustrated below.
To reduce audit risk to an acceptably low level, the auditor is required to:
Assess the risks of material misstatement; and
Limit detection risk. This may be achieved by performing procedures that respond to the assessed risks of material misstatement, both at the financial statement level and at the assertion level, for classes of transactions, account balances, and disclosures.
Audit Risk Components | 审计风险成分
Description: The susceptibility of an assertion about a class of transaction, account balance, or disclosure to a misstatement that could be material, either individually or when aggregated with other misstatements, before consideration of any related controls.
Commentary: This includes events or conditions (internal or external) that could result in a misstatement (error or fraud) in the financial statements.
The sources of risk (often categorised as business or fraud risks) can arise from the entity’s objectives, the nature of its operations/industry, the regulatory environment in which it operates, and its size and complexity
Description: The risk that a misstatement that could occur in an assertion about a class of transaction, account balance, or disclosure and that could be material, either individually or when aggregated with other misstatements, will not be prevented, or detected and corrected, on a timely basis by the entity’s internal control.
Commentary: Management designs controls to mitigate a specified inherent (business or fraud) risk factor. An entity assesses its risks (risk assessment) and then designs and implements appropriate controls to reduce its risk exposure to a tolerable (acceptable) level.
Controls may be:
Pervasive in nature, such as management’s attitude toward control, commitment to hiring competent people, and prevention of fraud. These controls are assessed at the financial statement level; and
Specific to the initiation, processing, or recording of a particular transaction. These are often called business process, activity-level, or transaction controls.
描述: 在关于某类交易、账户余额或披露的认定 (Assertion) 中可能发生的错报，以及可能是重大的错报，无论是单独的还是与其他错报合计的，都不能被实体的内部控制所防止，或不能及时发现和纠正的风险。
Description: The risk that the procedures performed by the auditor to reduce audit risk to an acceptably low level will not detect a misstatement that exists and that could be material, either individually or when aggregated with other misstatements.
Commentary: The auditor assesses the risks of material misstatement (inherent and control risk) at the financial statement and assertion levels.
Audit procedures are then developed to reduce audit risk to an acceptably low level.
This includes consideration of the potential risk of:
Selecting an inappropriate audit procedure;
Misapplying an appropriate audit procedure; or
Misinterpreting the results from an audit procedure.
Note: The ISAs define the risk of material misstatement at the assertion level as consisting of two components: inherent risk and control risk.
Consequently, the ISAs do not ordinarily refer to inherent risk and control risk separately, but rather to a combined assessment of the “risks of material misstatement.”
However, the auditor may make separate or combined assessments of inherent and control risk, depending on preferred audit techniques or methodologies and practical considerations.
注：《国际审计准则》将认定层面的重大错报风险（risk of material misstatement, ROMM) 定义为由两部分组成：固有风险和控制风险。
因此，《国际审计准则》通常不单独提及固有风险和控制风险，而是提及对 "重大错报风险 "的综合评估。然而，审计师可以对固有风险和控制风险进行单独或合并评估，这取决于首选的审计技术或方法以及实际考虑。
Separate business and fraud risks
Many inherent risks can result in both business and fraud risks. For example, a new accounting system may create potential for errors (business risk), but may also provide an opportunity for someone to manipulate financial results or misappropriate funds (fraud risk).
So when a business risk is identified always consider whether